Hi Petr,
thank you for the information. I will enable and use CDNSKEY and CDS records.
Maxi
On Monday, 29 October 2018 09:22:00 CET Petr Špaček wrote:
> Hi Maxi,
>
> yes, I would strongly recommend you to keep CDS/CDNSKEY enabled. It is
> the only industry-standard way to manage DS records.
>
Hi Maxi,
yes, I would strongly recommend you to keep CDS/CDNSKEY enabled. It is
the only industry-standard way to manage DS records.
It is also the safest way to obtain correct data for DS in parent
because it gets generated by Knot DNS policy engine and minimizes risk
of human error.
Petr
Hi Libor,
Thank you for your reply. I disabled the generation of CDS and CDNSKEY records
in my setup because I'm currently not planning on using them and thus didn't
see it necessary to publish them. However I see no harm in publishing them, so
I think I can as well enable them again.
Is
Hi Maxi,
when it comes to updating the parent zone's DS during the rollover, Knot
automatically (unless overridden by config) publishes CDS and CDNSKEY
records in your zone. You can query your server and use them directly,
the parent's DS shall be equal to your CDS.
Libor
On 26.10.18 at
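
The check described in the thread (the parent's DS should equal the child's CDS), as an added example that is not part of the original messages: a Python sketch that derives SHA-256 DS data from a DNSKEY per RFC 4034 and diffs a CDS set against the parent's DS set. The zone name example.com and the key bytes are constructed; in practice the rdata strings would come from querying the child and parent servers.

```python
import base64, hashlib, struct

def name_to_wire(name):
    """Canonical (lowercase) wire form of an owner name, RFC 4034 section 6.2."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def key_tag(rdata):
    """Key tag over DNSKEY RDATA, RFC 4034 appendix B."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def ds_from_dnskey(owner, flags, protocol, algorithm, pubkey_b64):
    """DS tuple (key tag, algorithm, digest type 2, SHA-256 hex) for one DNSKEY."""
    rdata = struct.pack("!HBB", flags, protocol, algorithm) + base64.b64decode(pubkey_b64)
    digest = hashlib.sha256(name_to_wire(owner) + rdata).hexdigest()
    return (key_tag(rdata), algorithm, 2, digest)

def parse_ds(text):
    """Parse 'tag alg digest-type hex...' rdata; the hex may be split by spaces."""
    tag, alg, dtype, *hexparts = text.split()
    return (int(tag), int(alg), int(dtype), "".join(hexparts).lower())

def compare(cds_rrset, parent_ds_rrset):
    """Return (to_add, to_remove): changes the parent needs so that DS == CDS."""
    cds = {parse_ds(r) for r in cds_rrset}
    ds = {parse_ds(r) for r in parent_ds_rrset}
    return cds - ds, ds - cds

def fmt(ds):
    return "%d %d %d %s" % ds

# Constructed sample data: arbitrary 32-byte strings standing in for two
# Ed25519 (algorithm 15) KSK public keys of a hypothetical zone.
OLD_KEY = base64.b64encode(bytes(range(32))).decode()
NEW_KEY = base64.b64encode(bytes(range(32, 64))).decode()

def demo():
    old = ds_from_dnskey("example.com.", 257, 3, 15, OLD_KEY)
    new = ds_from_dnskey("Example.COM", 257, 3, 15, NEW_KEY)
    cds_in_child = [fmt(new)]          # child publishes CDS for the new KSK
    ds_in_parent = [fmt(old).upper()]  # parent still holds the old DS
    return compare(cds_in_child, ds_in_parent), old, new

if __name__ == "__main__":
    (to_add, to_remove), _, _ = demo()
    print("add to parent:", to_add, "\nremove from parent:", to_remove)
```

Both returned sets being empty means the parent's DS set already matches the published CDS set.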